Hello Vineet S,
Greetings! Welcome to Microsoft Q&A Platform.
The error message you’re encountering, ‘AuthorizationPermissionMismatch’, indicates that there’s an issue with permissions when connecting to Azure Data Lake Storage Gen2 (ADLS Gen2) from Purview.
If you are connecting via Managed Identity, then make sure to add Purview Managed Identity to the Storage Blob Data Reader role for the Azure Data Lake Gen2 storage account.
- Navigate to your ADLS Gen2 storage account.
- Select Access Control (IAM) from the left navigation menu.
- Select + Add.
- Set the Role to Storage Blob Data Reader.
- Enter your Azure Purview account name under the Select input box.
- Then, select Save to give this role assignment to your Purview account.
For more details, refer to Register and scan Azure Data Lake Storage Gen2 - Prerequisites.
Check whether public network access is disabled for your storage account. If it is, consider using a Managed Virtual Network IR and creating a Private Endpoint to access the storage, and verify that the IP address ranges of Azure Data Factory are allowed by your Azure Storage firewall settings.
- https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal
- https://learn.microsoft.com/en-us/azure/data-factory/managed-virtual-network-private-endpoint
Also consider the following to troubleshoot the issue:
- Sometimes this issue occurs if there is something blocking the network connection. If this is the case, this issue can often be resolved by whitelisting the required endpoints as mentioned in our Microsoft documentation: https://learn.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud#azure-portal-framework
- Also check that you have all the required RBAC roles. To request the user delegation key, you must assign to a security principal the Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey action. The following built-in RBAC roles include the Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey action, either explicitly or as part of a wildcard definition: Contributor, Storage Account Contributor, Storage Blob Data Contributor, Storage Blob Data Owner, Storage Blob Data Reader, Storage Blob Delegator. Reference document: https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#assign-permissions-with-rbac
Refer to these similar threads for reference:
- https://stackoverflow.com/questions/75987769/errorcode-authorizationpermissionmismatch
- https://stackoverflow.com/questions/69769292/error-when-i-am-trying-to-connect-between-azure-data-factory-and-azure-data-lake
Hope this answer helps! Please let us know if you have any further queries. I’m happy to assist you further.
Please “Accept the answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.
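
A check for the role assignment described in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation: it reads the JSON printed by `az role assignment list --assignee <purview-principal-id> --all -o json` and reports whether any blob data read role is inherited by the whole storage account. The resource IDs and sample assignments are constructed, and only built-in role names are evaluated (custom roles are an assumption left out of scope).

```python
import json

# Assumption: only these built-in role names are treated as granting blob read
# through dataActions; custom role definitions are not evaluated.
BLOB_READ_ROLES = {"Storage Blob Data Reader", "Storage Blob Data Contributor",
                   "Storage Blob Data Owner"}

def covers(scope, resource_id):
    """True when an assignment at `scope` is inherited by `resource_id`."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")

def diagnose(assignments_json, account_id):
    """Sort one principal's role assignments by what they mean for the account."""
    out = {"data_read": [], "narrower_than_account": [], "no_blob_read": []}
    for a in json.loads(assignments_json):
        role, scope = a["roleDefinitionName"], a["scope"]
        if role in BLOB_READ_ROLES and covers(scope, account_id):
            out["data_read"].append((role, scope))      # account, RG or subscription level
        elif role in BLOB_READ_ROLES and covers(account_id, scope):
            out["narrower_than_account"].append((role, scope))  # e.g. one container only
        elif covers(scope, account_id):
            out["no_blob_read"].append((role, scope))   # applies, but not a blob read role
    out["ok"] = bool(out["data_read"])
    return out

# Constructed sample data: subscription, resource group and account are placeholders.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-data"
ACCOUNT_ID = RG + "/providers/Microsoft.Storage/storageAccounts/examplelake"
SAMPLE = json.dumps([
    {"roleDefinitionName": "Contributor", "scope": RG},
    {"roleDefinitionName": "Storage Blob Data Reader",
     "scope": ACCOUNT_ID + "/blobServices/default/containers/raw"},
    {"roleDefinitionName": "Storage Blob Data Reader", "scope": ACCOUNT_ID + "2"},
])

if __name__ == "__main__":
    report = diagnose(SAMPLE, ACCOUNT_ID)
    print("account-wide blob read:", report["ok"])
    for key in ("data_read", "narrower_than_account", "no_blob_read"):
        for role, scope in report[key]:
            print(f"  {key}: {role} @ {scope}")
```

In the constructed sample the principal holds Contributor on the resource group and a reader role on a single container, so the account-wide check fails until a blob data read role is assigned at the account scope or above.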